<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
    <title>ShellCheck: SC1098 – Quote/escape special characters when using `eval`, e.g. `eval "a=(b)"`.</title>
    <link rel="stylesheet" href="css/bootstrap.min.css" />
  </head>
  <body style="margin-left: auto; margin-right: auto; max-width: 800px">
    <h1>SC1098 – ShellCheck Wiki</h1>
    <a href="https://github.com/koalaman/shellcheck/wiki/SC1098">See this page on GitHub</a>
    <p style="display: none"><a href="index.html">Sitemap</a></p>
    <hr />
    <h2
id="quoteescape-special-characters-when-using-eval-eg-eval-ab">Quote/escape
special characters when using <code>eval</code>, e.g.
<code>eval "a=(b)"</code>.</h2>
<h3 id="problematic-code">Problematic code:</h3>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="SC1098.html#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="bu">eval</span> <span class="va">$var</span>=<span class="er">(</span><span class="ex">a</span> b<span class="kw">)</span></span></code></pre></div>
<h3 id="correct-code">Correct code:</h3>
<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="SC1098.html#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="bu">eval</span> <span class="st">&quot;</span><span class="va">$var</span><span class="st">=(a b)&quot;</span></span></code></pre></div>
<h3 id="rationale">Rationale:</h3>
<p>Shells differ widely in how they handle unescaped parentheses in
<code>eval</code> expressions.</p>
<ul>
<li><code>eval foo=bar</code> is allowed by dash, bash and ksh.</li>
<li><code>eval foo=(bar)</code> is allowed by bash and ksh, but not
dash.</li>
<li><code>eval $var=(bar)</code> is allowed by ksh, but not bash or
dash.</li>
<li><code>eval foo() ( echo bar; )</code> is not allowed by any
shell.</li>
</ul>
<p>Since the expression is evaluated as shell script code anyways, it
should be passed in as a literal string without relying on special case
parsing rules in the target shell. Quote/escape the characters
accordingly.</p>
<h3 id="exceptions">Exceptions:</h3>
<p>None.</p>
    <hr />
    <p style='font-size: 80%'><a href="../index.html">ShellCheck</a> is a static analysis tool for shell scripts. This page is part of its documentation.</p>
  </body>
</html>


